Xiaohongshu Creator Marketplace (Pugongying) Creator Profile API
PassAudited by ClawScan on May 10, 2026.
Overview
This is a focused JustOneAPI wrapper for one Xiaohongshu creator-profile endpoint, with the main caution that its documented command passes the API token on the command line.
This skill appears purpose-aligned for querying one creator-profile API through JustOneAPI. Before installing, make sure you trust JustOneAPI with the requested creator lookup and protect JUST_ONE_API_TOKEN; avoid pasting the token in chat, logs, or screenshots, and prefer environment-based token handling where possible.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Someone or something with access to local process details while the command runs may be able to see the API token.
The skill needs the JustOneAPI token for its stated purpose, but passing it via a command-line argument can expose the expanded token to local process inspection or command logging.
node {baseDir}/bin/run.mjs --operation "apiSolarCooperatorUserBloggerUserIdV1" --token "$JUST_ONE_API_TOKEN" --params-json '{"userId":"<userId>"}'Prefer a helper that reads JUST_ONE_API_TOKEN directly from the environment or stdin, and rotate the token if you suspect it was exposed.